package org.globus.gsi;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.EOFException;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.io.Serializable;
import java.io.StreamCorruptedException;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.Date;
import java.util.Vector;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.globus.common.ChainedIOException;
import org.globus.common.CoGProperties;
import org.globus.gsi.bc.BouncyCastleOpenSSLKey;
import org.globus.gsi.bc.BouncyCastleUtil;
import org.globus.gsi.gssapi.KeyPairCache;
import org.globus.gsi.gssapi.SSLUtil;
import org.globus.gsi.proxy.ProxyPathValidator;
import org.globus.gsi.proxy.ProxyPathValidatorException;
import org.globus.util.Base64;
import org.globus.util.I18n;

/* loaded from: input_file:org/globus/gsi/GlobusCredential.class */
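/**
 * A private key together with its X.509 certificate chain.
 *
 * <p>Instances can be built from an in-memory key and chain, from a PEM proxy file,
 * from a certificate file plus an unencrypted key file, or from a PEM stream. The
 * class also keeps a process-wide "default" credential that is loaded from the proxy
 * file named by {@link CoGProperties}.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>Loading and deserialization do not validate the chain. Call {@link #verify()}
 *       before trusting an instance obtained from a file or a serialized stream.</li>
 *   <li>The custom serialized form written by {@code writeObject} contains the encoded
 *       private key, so a serialized instance is as sensitive as the key itself.</li>
 *   <li>{@link #getPrivateKey()} and {@link #getCertificateChain()} hand out the
 *       internal references without copying.</li>
 * </ul>
 */
public class GlobusCredential implements Serializable {
    private static I18n i18n = I18n.getI18n("org.globus.gsi.errors", CertUtil.class.getClassLoader());
    private static Log logger = LogFactory.getLog(GlobusCredential.class.getName());

    // Largest scratch buffer allocated while reading one length-prefixed item from a
    // serialized stream; the declared length itself is never used as an allocation size.
    private static final int READ_CHUNK_SIZE = 8192;

    // Process-wide default credential state. All access goes through the synchronized
    // static accessors below (reloadDefaultCredential is only called from one of them).
    private static GlobusCredential defaultCred = null;
    // True when the default was installed through setDefaultCredential rather than loaded from the proxy file.
    private static boolean credentialSet = false;
    private static File credentialFile = null;
    private static long credentialLastModified = -1;

    private PrivateKey key;
    private X509Certificate[] certs;

    /**
     * Wraps an existing key and chain.
     *
     * <p>Both references are stored as given; the array is not copied, so later changes
     * made by the caller to the array are visible through this credential.
     *
     * @param privateKey the private key
     * @param x509CertificateArr the certificate chain
     */
    public GlobusCredential(PrivateKey privateKey, X509Certificate[] x509CertificateArr) {
        this.key = privateKey;
        this.certs = x509CertificateArr;
    }

    /**
     * Loads a credential from a PEM proxy file.
     *
     * <p>NOTE(review): no ownership or permission check on the file is visible here.
     * If the deployment relies on the proxy file being private to its owner, confirm
     * that the check happens elsewhere.
     *
     * @param str path of the proxy file
     * @throws IllegalArgumentException if {@code str} is {@code null}
     * @throws GlobusCredentialException if the file does not exist or cannot be parsed
     */
    public GlobusCredential(String str) throws GlobusCredentialException {
        if (str == null) {
            throw new IllegalArgumentException(i18n.getMessage("proxyFileNull"));
        }
        logger.debug("Loading proxy file: " + str);
        try {
            // load() closes the reader it wraps around this stream on every path.
            load(new FileInputStream(str));
        } catch (FileNotFoundException e) {
            throw new GlobusCredentialException(3, "proxyNotFound", new Object[]{str});
        }
    }

    /**
     * Loads a credential from a certificate file and a separate, unencrypted key file.
     *
     * @param str path of the certificate file
     * @param str2 path of the private key file; an encrypted key is rejected
     * @throws IllegalArgumentException if either path is {@code null}
     * @throws GlobusCredentialException if the key is encrypted or either file cannot be read or parsed
     */
    public GlobusCredential(String str, String str2) throws GlobusCredentialException {
        if (str == null || str2 == null) {
            throw new IllegalArgumentException();
        }
        try {
            this.certs = CertUtil.loadCertificates(str);
            BouncyCastleOpenSSLKey bouncyCastleOpenSSLKey = new BouncyCastleOpenSSLKey(str2);
            if (bouncyCastleOpenSSLKey.isEncrypted()) {
                throw new GlobusCredentialException(2, "encPrivKey", new Object[]{str2});
            }
            this.key = bouncyCastleOpenSSLKey.getPrivateKey();
        } catch (GlobusCredentialException e) {
            // Let the specific "encPrivKey" error through; without this clause the
            // handlers below would catch it and re-wrap it as a generic failure.
            throw e;
        } catch (IOException e) {
            throw new GlobusCredentialException(3, "ioError00", e);
        } catch (GeneralSecurityException e2) {
            throw new GlobusCredentialException(3, "secError00", e2);
        } catch (Exception e3) {
            throw new GlobusCredentialException(-1, "error00", e3);
        }
    }

    /**
     * Loads a credential from a PEM stream. The stream is closed before this returns.
     *
     * @param inputStream PEM data holding at least one certificate and one RSA private key
     * @throws IllegalArgumentException if {@code inputStream} is {@code null}
     * @throws GlobusCredentialException if the data cannot be read or parsed, or lacks a certificate or a key
     */
    public GlobusCredential(InputStream inputStream) throws GlobusCredentialException {
        load(inputStream);
    }

    /**
     * Parses PEM input into this credential's key and chain.
     *
     * <p>Every {@code BEGIN CERTIFICATE} block is appended to the chain in input order;
     * every {@code BEGIN RSA PRIVATE KEY} block replaces the key, so the last one wins.
     * Lines outside those blocks are ignored. The reader wrapped around
     * {@code inputStream} is closed on both the success and the failure path.
     *
     * <p>Nothing here checks that the key belongs to the first certificate or that the
     * chain is valid; {@link #verify()} covers chain validation.
     *
     * @param inputStream PEM data
     * @throws IllegalArgumentException if {@code inputStream} is {@code null}
     * @throws GlobusCredentialException on read or parse errors, or when no certificate or no key was found
     */
    protected void load(InputStream inputStream) throws GlobusCredentialException {
        if (inputStream == null) {
            throw new IllegalArgumentException(i18n.getMessage("credInpStreamNull"));
        }
        PrivateKey privateKey = null;
        Vector vector = new Vector(3);
        BufferedReader bufferedReader = null;
        try {
            bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
            String readLine;
            while ((readLine = bufferedReader.readLine()) != null) {
                if (readLine.indexOf("BEGIN CERTIFICATE") != -1) {
                    vector.addElement(CertUtil.loadCertificate(new ByteArrayInputStream(getDecodedPEMObject(bufferedReader))));
                } else if (readLine.indexOf("BEGIN RSA PRIVATE KEY") != -1) {
                    privateKey = new BouncyCastleOpenSSLKey(KeyPairCache.DEFAULT_ALGORITHM, getDecodedPEMObject(bufferedReader)).getPrivateKey();
                }
            }
        } catch (IOException e) {
            throw new GlobusCredentialException(3, "ioError00", e);
        } catch (GeneralSecurityException e2) {
            throw new GlobusCredentialException(3, "secError00", e2);
        } catch (Exception e3) {
            throw new GlobusCredentialException(-1, "error00", e3);
        } finally {
            if (bufferedReader != null) {
                try {
                    bufferedReader.close();
                } catch (IOException ignored) {
                    // Best effort: a failure to close must not mask the parse result.
                }
            }
        }

        // These checks sit outside the try block on purpose. The previous nesting raised
        // them (and the specific read/parse errors) inside a block whose catch (Exception)
        // handler re-wrapped each one as the generic "error00" failure.
        int size = vector.size();
        if (size == 0) {
            throw new GlobusCredentialException(3, "noCerts00", (Exception) null);
        }
        if (privateKey == null) {
            throw new GlobusCredentialException(3, "noKey00", (Exception) null);
        }
        this.certs = new X509Certificate[size];
        vector.copyInto(this.certs);
        this.key = privateKey;
    }

    /**
     * Collects the Base64 body of the PEM object the reader is positioned in and decodes it.
     *
     * <p>Lines are concatenated until one containing {@code --END} is seen. The footer
     * label is not compared with the header that opened the object.
     *
     * @param bufferedReader reader positioned just after a PEM header line
     * @return the decoded bytes
     * @throws EOFException if the input ends before a footer line
     * @throws IOException if reading fails
     */
    private static final byte[] getDecodedPEMObject(BufferedReader bufferedReader) throws IOException {
        StringBuffer stringBuffer = new StringBuffer();
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                throw new EOFException(i18n.getMessage("pemFooter"));
            }
            if (readLine.indexOf("--END") != -1) {
                return Base64.decode(stringBuffer.toString().getBytes());
            }
            stringBuffer.append(readLine);
        }
    }

    /**
     * Writes the credential to a stream: first certificate, then the private key, then
     * the remaining certificates except those whose subject equals their issuer.
     *
     * <p>NOTE(review): no passphrase is supplied anywhere on this path, so the key is
     * presumably written unencrypted - confirm against {@code BouncyCastleOpenSSLKey}.
     * The caller is responsible for making the destination readable by its owner only.
     * The stream is flushed but not closed.
     *
     * @param outputStream destination stream
     * @throws IOException if writing fails or a certificate cannot be encoded
     */
    public void save(OutputStream outputStream) throws IOException {
        try {
            CertUtil.writeCertificate(outputStream, this.certs[0]);
            new BouncyCastleOpenSSLKey(this.key).writeTo(outputStream);
            for (int i = 1; i < this.certs.length; i++) {
                // Self-issued entries (subject == issuer) are left out of the saved file.
                if (!this.certs[i].getSubjectDN().equals(this.certs[i].getIssuerDN())) {
                    CertUtil.writeCertificate(outputStream, this.certs[i]);
                }
            }
            outputStream.flush();
        } catch (CertificateEncodingException e) {
            throw new ChainedIOException(e.getMessage(), e);
        }
    }

    /**
     * Validates the chain against the default trusted certificates, revocation lists
     * and signing policies.
     *
     * <p>A validator failure whose message starts with {@code [JGLOBUS-96]} is reported
     * with code 1 and key {@code expired00}; every other failure is reported with code 3
     * and key {@code certVerifyError}. The message prefix is the only signal used for
     * that distinction, so it depends on the validator's message text staying stable.
     *
     * @throws GlobusCredentialException if validation fails
     */
    public void verify() throws GlobusCredentialException {
        ProxyPathValidator proxyPathValidator = new ProxyPathValidator();
        try {
            TrustedCertificates trustedCertificates = TrustedCertificates.getDefault();
            proxyPathValidator.validate(getCertificateChain(), trustedCertificates.getCertificates(), CertificateRevocationLists.getDefault(), trustedCertificates.getSigningPolicies());
        } catch (ProxyPathValidatorException e) {
            // A validator exception without a message used to surface as a
            // NullPointerException; treat it as an ordinary verification failure instead.
            String message = e.getMessage();
            if (message != null && message.startsWith("[JGLOBUS-96]")) {
                throw new GlobusCredentialException(1, "expired00", e);
            }
            throw new GlobusCredentialException(3, "certVerifyError", e);
        }
    }

    /**
     * Returns the identity certificate as determined by {@code BouncyCastleUtil}.
     *
     * @return the identity certificate, or {@code null} if it cannot be determined
     */
    public X509Certificate getIdentityCertificate() {
        try {
            return BouncyCastleUtil.getIdentityCertificate(this.certs);
        } catch (CertificateException e) {
            logger.debug("Error getting certificate identity", e);
            return null;
        }
    }

    /**
     * Returns the smallest proxy path-length constraint found in the chain.
     *
     * <p>A per-certificate value of -1 is treated as "no limit".
     *
     * @return the smallest constraint, {@code Integer.MAX_VALUE} if no certificate sets one,
     *         or -1 if a certificate could not be examined
     */
    public int getPathConstraint() {
        int i = Integer.MAX_VALUE;
        for (int i2 = 0; i2 < this.certs.length; i2++) {
            try {
                int proxyPathConstraint = BouncyCastleUtil.getProxyPathConstraint(this.certs[i2]);
                if (proxyPathConstraint == -1) {
                    proxyPathConstraint = Integer.MAX_VALUE;
                }
                if (proxyPathConstraint < i) {
                    i = proxyPathConstraint;
                }
            } catch (IOException e) {
                logger.error("Error retrieving path length", e);
                i = -1;
            } catch (CertificateEncodingException e2) {
                logger.error("Error retrieving path length", e2);
                i = -1;
            }
        }
        return i;
    }

    /**
     * Returns the identity string as determined by {@code BouncyCastleUtil}.
     *
     * @return the identity, or {@code null} if it cannot be determined
     */
    public String getIdentity() {
        try {
            return BouncyCastleUtil.getIdentity(this.certs);
        } catch (CertificateException e) {
            logger.debug("Error getting certificate identity", e);
            return null;
        }
    }

    /**
     * Returns the private key.
     *
     * @return the key held by this credential (the internal reference)
     */
    public PrivateKey getPrivateKey() {
        return this.key;
    }

    /**
     * Returns the certificate chain.
     *
     * <p>NOTE(review): this is the internal array, not a copy. A caller that modifies
     * it changes this credential, including what {@link #verify()} validates.
     *
     * @return the chain held by this credential
     */
    public X509Certificate[] getCertificateChain() {
        return this.certs;
    }

    /**
     * Counts the certificates up to and including the last one whose subject differs
     * from its issuer.
     *
     * @return that count, or the chain length if every certificate has subject equal to issuer
     */
    public int getCertNum() {
        for (int length = this.certs.length - 1; length >= 0; length--) {
            if (!this.certs[length].getSubjectDN().equals(this.certs[length].getIssuerDN())) {
                return length + 1;
            }
        }
        return this.certs.length;
    }

    /**
     * Returns the bit length of the RSA modulus.
     *
     * @return the modulus size in bits, or -1 if there is no key or the key is not an RSA private key
     */
    public int getStrength() {
        // The constructor accepts any PrivateKey, so guard the cast instead of letting a
        // non-RSA key fail with ClassCastException (instanceof is also false for null).
        if (!(this.key instanceof RSAPrivateKey)) {
            return -1;
        }
        return ((RSAPrivateKey) this.key).getModulus().bitLength();
    }

    /**
     * Returns the subject name of the first certificate in the chain.
     *
     * @return the subject DN as a string
     */
    public String getSubject() {
        return this.certs[0].getSubjectDN().getName();
    }

    /**
     * Returns the issuer name of the first certificate in the chain.
     *
     * @return the issuer DN as a string
     */
    public String getIssuer() {
        return this.certs[0].getIssuerDN().getName();
    }

    /**
     * Returns the certificate type of the first certificate, as classified by {@code BouncyCastleUtil}.
     *
     * @return the type code, or -1 if it cannot be determined
     */
    public int getProxyType() {
        try {
            return BouncyCastleUtil.getCertificateType(this.certs[0]);
        } catch (CertificateException e) {
            logger.debug("Error getting certificate type", e);
            return -1;
        }
    }

    /**
     * Returns the remaining lifetime, based on the earliest {@code notAfter} in the chain.
     *
     * <p>Only the {@code notAfter} dates and the local clock are consulted; this is not
     * a substitute for {@link #verify()}.
     *
     * @return seconds until the earliest expiry, or 0 if that moment has passed or the chain is empty
     */
    public long getTimeLeft() {
        Date date = null;
        for (int i = 0; i < this.certs.length; i++) {
            Date notAfter = this.certs[i].getNotAfter();
            if (date == null || notAfter.before(date)) {
                date = notAfter;
            }
        }
        if (date == null) {
            // Empty chain: report no remaining lifetime rather than dereferencing null.
            return 0L;
        }
        long time = (date.getTime() - System.currentTimeMillis()) / 1000;
        if (time < 0) {
            return 0L;
        }
        return time;
    }

    /**
     * Custom serialized form: the encoded key as a length-prefixed byte array, then the
     * certificate count, then each encoded certificate as a length-prefixed byte array.
     *
     * <p>The stream therefore carries the private key; protect it accordingly.
     */
    private void writeObject(ObjectOutputStream objectOutputStream) throws IOException {
        byte[] encoded = new BouncyCastleOpenSSLKey(this.key).getEncoded();
        objectOutputStream.writeInt(encoded.length);
        objectOutputStream.write(encoded);
        objectOutputStream.writeInt(this.certs.length);
        for (int i = 0; i < this.certs.length; i++) {
            try {
                byte[] encoded2 = this.certs[i].getEncoded();
                objectOutputStream.writeInt(encoded2.length);
                objectOutputStream.write(encoded2);
            } catch (Exception e) {
                throw new ChainedIOException("", e);
            }
        }
    }

    /**
     * Reads one length-prefixed byte array from a serialized stream.
     *
     * <p>The length comes from the stream and may be hostile, so it is validated and the
     * data is read in bounded chunks. Memory use then grows with the bytes actually
     * present instead of being sized up front from the declared length.
     *
     * @return the bytes read
     * @throws StreamCorruptedException if the declared length is negative
     * @throws IOException if the stream cannot supply the declared number of bytes
     */
    private static byte[] readData(ObjectInputStream objectInputStream) throws IOException {
        int readInt = objectInputStream.readInt();
        if (readInt < 0) {
            throw new StreamCorruptedException("negative length: " + readInt);
        }
        int chunkSize = Math.min(readInt, READ_CHUNK_SIZE);
        byte[] chunk = new byte[chunkSize];
        ByteArrayOutputStream collected = new ByteArrayOutputStream(chunkSize);
        int remaining = readInt;
        while (remaining > 0) {
            int step = Math.min(remaining, chunk.length);
            // presumably readFully fails on a short read, as the single-call form relied on - confirm
            SSLUtil.readFully(objectInputStream, chunk, 0, step);
            collected.write(chunk, 0, step);
            remaining -= step;
        }
        return collected.toByteArray();
    }

    /**
     * Restores the key and chain from the form produced by {@code writeObject}.
     *
     * <p>The restored credential is not validated here: nothing checks that the key
     * matches the chain or that the chain verifies. Treat an instance deserialized from
     * an untrusted source as unverified until {@link #verify()} succeeds.
     */
    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        try {
            PrivateKey restoredKey = new BouncyCastleOpenSSLKey(KeyPairCache.DEFAULT_ALGORITHM, readData(objectInputStream)).getPrivateKey();
            int readInt = objectInputStream.readInt();
            if (readInt < 0) {
                throw new StreamCorruptedException("negative certificate count: " + readInt);
            }
            // Grow the chain as certificates are actually decoded, so a forged count
            // cannot force a huge array allocation before any certificate data is read.
            Vector chain = new Vector();
            for (int i = 0; i < readInt; i++) {
                try {
                    chain.addElement(CertUtil.loadCertificate(new ByteArrayInputStream(readData(objectInputStream))));
                } catch (IOException e) {
                    throw e;
                } catch (Exception e2) {
                    throw new ChainedIOException("", e2);
                }
            }
            X509Certificate[] restoredCerts = new X509Certificate[chain.size()];
            chain.copyInto(restoredCerts);
            this.key = restoredKey;
            this.certs = restoredCerts;
        } catch (IOException e3) {
            throw e3;
        } catch (Exception e4) {
            throw new ChainedIOException("", e4);
        }
    }

    /**
     * Returns the process-wide default credential, loading it on first use.
     *
     * <p>A credential loaded from the proxy file is re-verified on each call while the
     * file's modification time is unchanged, and reloaded when it differs. A credential
     * installed through {@link #setDefaultCredential(GlobusCredential)} is returned as
     * is, without verification.
     *
     * @return the default credential
     * @throws GlobusCredentialException if loading or verification fails
     */
    public static synchronized GlobusCredential getDefaultCredential() throws GlobusCredentialException {
        if (defaultCred == null) {
            reloadDefaultCredential();
        } else if (!credentialSet) {
            if (credentialFile.lastModified() == credentialLastModified) {
                defaultCred.verify();
            } else {
                defaultCred = null;
                reloadDefaultCredential();
            }
        }
        return defaultCred;
    }

    /**
     * Loads the default credential from the configured proxy file and verifies it.
     *
     * <p>NOTE(review): the file is read first and its modification time sampled
     * afterwards, so a replacement landing between the two steps would be recorded
     * under the new timestamp while the older content stays cached.
     */
    private static void reloadDefaultCredential() throws GlobusCredentialException {
        String proxyFile = CoGProperties.getDefault().getProxyFile();
        defaultCred = new GlobusCredential(proxyFile);
        credentialFile = new File(proxyFile);
        credentialLastModified = credentialFile.lastModified();
        defaultCred.verify();
    }

    /**
     * Installs (or, with {@code null}, clears) the process-wide default credential.
     *
     * @param globusCredential the credential to use as default, or {@code null} to fall back to the proxy file
     */
    public static synchronized void setDefaultCredential(GlobusCredential globusCredential) {
        defaultCred = globusCredential;
        credentialSet = globusCredential != null;
    }

    /**
     * Returns a multi-line summary: subject, issuer, key strength, time left and proxy
     * type. No key material is included.
     */
    public String toString() {
        String property = System.getProperty("line.separator");
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("subject    : ").append(getSubject()).append(property);
        stringBuffer.append("issuer     : ").append(getIssuer()).append(property);
        stringBuffer.append("strength   : ").append(getStrength() + " bits").append(property);
        stringBuffer.append("timeleft   : ").append(getTimeLeft() + " sec").append(property);
        stringBuffer.append("proxy type : ").append(CertUtil.getProxyTypeAsString(getProxyType()));
        return stringBuffer.toString();
    }
}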
